Tim Bannister <isoma_at_jellybaby.net> wrote:
> On 30 Apr 2013, at 04:19, David Strauss <david_at_davidstrauss.net> wrote:
> > We're trying to implement this for our own server/client
> > communication and our communication with S3, so the set of
> > implementations needing to interoperate is pretty limited. The goal
> > is to checksum, not to avoid attacks. MD5 is quite adequate for
> > that. I would like to use a standard rather than rolling our own
> > method, though.
>
> TCP already has checksums… would those be enough?

No. I've been bit by buggy drivers/firmware (combined with various
types of hardware offloading) letting TCP/ethernet errors slip past.

> Depending on your application, you might like to look into support for
> HTTP trailers. Putting Content-MD5: into a trailer could avoid the
> need to buffer the whole response.

Unfortunately, support for trailers is not widespread :<
But yes, I use them whenever I can.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-04